Firebird Local Inet_Server Buffer Overflow Vulnerability
BID:17077
Info
Firebird Local Inet_Server Buffer Overflow Vulnerability
| Bugtraq ID: | 17077 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 13 2006 12:00AM |
| Updated: | Mar 14 2006 07:25PM |
| Credit: | Discovery of this vulnerability is credited to Joxean Koret <[email protected]>. |
| Vulnerable: |
Firebird Firebird 1.5.2 Firebird Firebird 1.5.1 Firebird Firebird 1.5 |
| Not Vulnerable: |
Firebird Firebird 1.5.3 |
Discussion
Firebird Local Inet_Server Buffer Overflow Vulnerability
Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code with elevated privileges, because the affected binaries are often installed with setuid privileges.
Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code with elevated privileges, because the affected binaries are often installed with setuid privileges.
Exploit / POC
Firebird Local Inet_Server Buffer Overflow Vulnerability
The following command will demonstrate this issue:
./fbserver -p `perl -e 'print "a"x155;'`1234
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
The following command will demonstrate this issue:
./fbserver -p `perl -e 'print "a"x155;'`1234
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Firebird Local Inet_Server Buffer Overflow Vulnerability
Solution:
The vendor has released version 1.5.3 of Firebird to address this issue.
Firebird Firebird 1.5
Firebird Firebird 1.5.1
Firebird Firebird 1.5.2
Solution:
The vendor has released version 1.5.3 of Firebird to address this issue.
Firebird Firebird 1.5
-
Firebird Firebird V1.5 Downloads
http://firebird.sourceforge.net/index.php?op=files&id=engine
Firebird Firebird 1.5.1
-
Firebird Firebird V1.5 Downloads
http://firebird.sourceforge.net/index.php?op=files&id=engine
Firebird Firebird 1.5.2
-
Firebird Firebird V1.5 Downloads
http://firebird.sourceforge.net/index.php?op=files&id=engine
References
Firebird Local Inet_Server Buffer Overflow Vulnerability
References:
References:
- Firebird Homepage (Firebird)
- Buffer Overflow and Installation Script Error in Firebird 1.5.3 (Joxean Koret
)